Zero Capability Checks or Data Validation

It seems only appropriate that I post a terrible code snippet that I myself wrote. This is one piece of the code that I used to create new post types in version 1.0 of my Easy Content Types plugin.
This code was loaded directly into the main plugin file and had zero capability checks, so any request that reached it was acted on regardless of who sent it. It also never validated or escaped any of the data that was passed to the database, which left it very, very, very susceptible to SQL injection.

All of the fields are now passed through sanitization functions and all values are properly escaped before they are inserted into the database. sanitize_text_field() and $wpdb->prepare() are the main functions used.
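To make the two shapes concrete, here is an added illustration of a "save new post type" handler written the unsafe way the post describes, followed by a hardened version. This is example code written for this page, not the actual Easy Content Types 1.0 snippet or its fix; the table name `{$wpdb->prefix}ect_post_types`, the `ect_submit` / `name` / `label` form fields, the nonce action `ect_save_post_type` and the function names are all assumptions. The hardened version also adds a capability check and a nonce, which are the two other things a form handler like this needs besides sanitizing and escaping.

```php
<?php
// Added example, not the plugin's own code. Table, field and nonce names are hypothetical.

// --- BEFORE: no capability check, no nonce, raw $_POST concatenated into SQL ---
function ect_example_save_post_type_unsafe() {
    global $wpdb;
    $table = $wpdb->prefix . 'ect_post_types'; // hypothetical table

    if ( isset( $_POST['ect_submit'] ) ) {
        // Anyone who can reach this handler can write to the table, and a field value
        // like  x', 'y'); DROP TABLE wp_posts; --  is handed to MySQL verbatim.
        $wpdb->query(
            "INSERT INTO {$table} (name, label) VALUES ('"
            . $_POST['name'] . "', '" . $_POST['label'] . "')"
        );
    }
}

// --- AFTER: capability check, nonce, sanitized fields, prepared query ---
function ect_example_post_type_form() {
    // The form that submits to the safe handler; the nonce field ties the
    // request to a logged-in user's session so it cannot be forged cross-site.
    echo '<form method="post">';
    wp_nonce_field( 'ect_save_post_type', 'ect_nonce' );
    echo '<input type="text" name="name" placeholder="slug">';
    echo '<input type="text" name="label" placeholder="Label">';
    echo '<input type="submit" name="ect_submit" value="Create">';
    echo '</form>';
}

function ect_example_save_post_type_safe() {
    global $wpdb;
    $table = $wpdb->prefix . 'ect_post_types'; // hypothetical table; not user input

    if ( ! isset( $_POST['ect_submit'] ) ) {
        return;
    }

    // 1. Capability check: only users allowed to manage the site may create post types.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( __( 'You do not have permission to do this.' ) );
    }

    // 2. Nonce check: the request must come from our own form (dies on failure).
    check_admin_referer( 'ect_save_post_type', 'ect_nonce' );

    // 3. Sanitize every field before it goes anywhere near the database.
    //    sanitize_key() restricts the slug to [a-z0-9_-]; sanitize_text_field()
    //    strips tags, line breaks and extra whitespace from the human-readable label.
    $name  = sanitize_key( wp_unslash( $_POST['name'] ?? '' ) );
    $label = sanitize_text_field( wp_unslash( $_POST['label'] ?? '' ) );
    if ( '' === $name || '' === $label ) {
        return;
    }

    // 4. Escape on the way in: $wpdb->prepare() binds the %s placeholders, so the
    //    values are quoted and escaped rather than concatenated into the statement.
    $wpdb->query(
        $wpdb->prepare(
            "INSERT INTO {$table} (name, label) VALUES (%s, %s)",
            $name,
            $label
        )
    );
    // $wpdb->insert( $table, array( 'name' => $name, 'label' => $label ), array( '%s', '%s' ) );
    // does the same escaping without writing the SQL by hand.
}
add_action( 'admin_init', 'ect_example_save_post_type_safe' );
```

Sanitizing and escaping are separate steps on purpose: sanitize_text_field() shapes what is accepted, while $wpdb->prepare() guarantees that whatever survives cannot change the structure of the SQL statement. Interpolating `$table` directly is fine only because it is built from `$wpdb->prefix`, never from request data.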